The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kame | racoon | * |
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kame | racoon | all_versions |
racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kame | racoon | * |
Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kame | racoon | * |
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ipsec-tools | ipsec-tools | 0.3_rc2 |
| kame | racoon | * |
| ipsec-tools | ipsec-tools | 0.3_rc5 |
| ipsec-tools | ipsec-tools | 0.3 |
| ipsec-tools | ipsec-tools | 0.3_rc4 |
| kame | racoon | 2004-04-05 |
| kame | racoon | 2004-04-07b |
| redhat | enterprise_linux | 3.0 |
| kame | racoon | 2003-07-11 |
| ipsec-tools | ipsec-tools | 0.3_rc3 |
| kame | racoon | 2004-05-03 |
| ipsec-tools | ipsec-tools | 0.3.1 |
| ipsec-tools | ipsec-tools | 0.3.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| ipsec-tools | ipsec-tools | 0.3_rc1 |
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kame | racoon | 2005-02-14 |
| kame | racoon | 2005-02-28 |
| kame | racoon | 2004-04-07b |
| redhat | enterprise_linux | 4.0 |
| redhat | enterprise_linux | 3.0 |
| kame | racoon | 2003-07-11 |
| suse | suse_linux | 9.1 |
| suse | suse_linux | 9.2 |
| altlinux | alt_linux | 2.3 |
| ipsec-tools | ipsec-tools | 0.3.3 |
| kame | racoon | 2004-05-03 |
| ipsec-tools | ipsec-tools | 0.5 |
| redhat | enterprise_linux_desktop | 4.0 |
| kame | racoon | 2005-03-07 |
| kame | racoon | 2005-01-24 |
| kame | racoon | 2005-01-10 |
| kame | racoon | 2005-02-07 |
| kame | racoon | 2004-04-05 |
| sgi | propack | 3.0 |
| kame | racoon | 2005-01-31 |
| kame | racoon | 2005-01-03 |
| kame | racoon | 2005-01-17 |
| suse | suse_linux | * |
| redhat | enterprise_linux_desktop | 3.0 |
| kame | racoon | 2005-02-21 |
The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kame | ipcomp | * |
The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | * |
| kame | kame | * |
| netbsd | netbsd | 4.0 |